Category: Communication Media & Internet

International Trade Commission Addresses Use of Standard-Essential Patents in Section 337 Investigations

McDermottLogo_2c_rgb

The International Trade Commission (ITC) addressed for the first time the issue of whether infringement of a patent that has previously been declared “standard-essential” may form the basis for either a limited exclusion order or cease-and-desist order under a § 337, ruling that nothing in the ITC’s enabling statute prevents issuing an exclusion order, even if the complainant is under an obligation to license the patent.  Certain Electronic Devices, Including Wireless Communication Devices, Portable Music and Data Processing Devices, and Tablet Computers, Inv. No. 337-TA-794, (U.S. ITC, June 4, 2013) (ITC, per curiam); Commissioner Pinkert, dissenting).

The complainant, Samsung Electronics, held two patents that it had previously declared to be “standard-essential” to the Universal Mobile Telecommunications System promulgated by the European Telecommunications Standards Institute (ETSI).  ETSI’s Intellectual Property Rights policy required Samsung to offer licenses to such patents on fair, reasonable and non-discriminatory (FRAND) terms.  After licensing negotiations between Samsung and the respondent, Apple, broke down, Samsung filed a complaint at the ITC requesting a limited exclusion order against Apple’s mobile communication products.  After the administrative law judge ruled, on an initial determination (ID), that none of the patents at issue were valid and infringed, the ITC determined to review the ID and sought views from both the parties and the public as to whether Samsung’s declaration of the patents at issue as “standard-essential” should affect either the ITC’s analysis of whether there was a violation of § 337 or what relief should be provided.

In its final determination, the ITC found one of the two patents to be both valid and infringed, and that the proper relief was a limited exclusion and cease-and-desist order directed to the infringing articles.  The ITC first rejected Apple’s argument that the Commission should not investigate an alleged violation of § 337 based on infringement of patents subject to a FRAND undertaking, ruling that under § 337(b)(1), the ITC is required to investigate any alleged violation based upon a complaint under oath, whether or not those patents have been declared standard-essential.  The ITC also rejected Apple’s theory that the Commission “cannot address infringement of standard-essential patents other than in the exceptional scenarios such as where a potential licensee has refused to pay a royalty after a U.S. court has determined that royalty to be FRAND, or where no U.S. court has jurisdiction over the potential licensee in order to set a FRAND rate,” ruling that the remedies provided under § 337 could be imposed in addition to any damages or injunctions available from a district court.

The ITC further determined that Apple had not “properly argued any affirmative defense that would preclude the Commission from finding a violation based on assertion of a declared-essential patent,” such as a breach of contract, promissory estoppel, laches or fraud  The ITC ruled that even if Apple had offered sufficient evidence that the FRAND declaration was a legally enforceable obligation, the patents at issue were actually necessary to practice the standard and that Samsung was required to grant irrevocable licenses under FRAND terms to any party, it still would not have found in Apple’s favor, because the parties’ final offers were sufficiently close to each other that Samsung did not violate its obligation to negotiate in good faith.  Importantly, the ITC found that Samsung was not under any obligation to make an initial offer that was FRAND, because “the SSO intends the final license to be accomplished through negotiation” and “even if it were true that a FRAND agreement that requires Apple to pay Samsung ultimately is not reasonable, the offers that Apple criticizes do not necessarily demonstrate that Samsung has violated its FRAND obligations by failing to negotiate in good faith” (emphasis in original).  Finally, the ITC rejected the theory that whether a patent has been declared standard-essential should be considered when the public interest is analyzed, finding that its consideration of the public interest is limited solely to the four factors listed in § 337(d)(1).

Uncommonly for a Commission opinion, Commissioner Dean Pinkert wrote a dissent arguing that the ITC should not issue an exclusion order based on Samsung’s obligation to license the patents on a FRAND basis, that the evidence indicated Samsung was unwilling to make a FRAND licensing offer with respect to the standard-essential patents and that the absence of a FRAND offer should have a bearing on whether relief under § 337 is in the public interest.  Specifically, Commissioner Pinkert found that it was neither fair nor non-discriminatory for a FRAND-encumbered patent holder to require licenses to non-FRAND-encumbered patents as a condition for licensing the FRAND-encumbered patent.  Commissioner Pinkert also would have found that the statutory language of § 337(d)(1), as well as the legislative history of the statute that “any evidence” of price gouging or monopolistic practices on the part of the complainant would be a proper basis for denying exclusion, suggests that the section should be read broadly.

Practice Note:  The Commission’s rejection of a per se rule barring exclusion orders for patents that have been declared standard-essential is likely to lead to have a number of effects, including increased litigation of standard essential patents at the ITC, counter-suits requesting that a district court rule determine what royalty rate is FRAND and/or requesting that a complainant be enjoined from proceeding before the ITC, presidential review taking on increased importance and potential legislative action to curb the ITC’s jurisdiction.

Article By:

 of

Twitter Best Practices Guide for Attorneys

The Rainmaker Institute mini logo (1)

With more than 200 million active users, Twitter is a major social media network attorneys should not ignore. Twitter can be a highly useful marketing tool for attorneys to promote their blogs and other thought leadership content.

Here is a best practices guide for attorneys using Twitter:

Tweet 4x/day or less

Use fewer than 100 characters per Tweet

Add links to Tweets to get higher Retweet rates – Tweets containing links get 86% higher Retweet rates

Make sure the links are clickable by including a space before the URL

Tweet on the weekends – engagement rates are 17% higher then

Engage with followers during “busy hours” of 7 a.m. to 8 p.m.

Include hashtags in your Tweets, but no more than 2 per Tweet – Tweets with hashtags get twice the engagement

Add links to images to increase engagement – Tweets with image links enjoy twice the engagement rate than those without.

Use the word “Retweet” as a call-to-action to prompt your followers to share – Tweets that ask followers to Retweet receive 12x higher Retweet rates

Since Twitter is essentially a micro-blogging site, the same rules apply: create unique, original content that adds value, and your audience will respond.

Article By:

 of

Recent Data Breach Reports: And the Hits Keep on Coming….

Mintz Logo

The ”hits” to data bases, in any event.   Here is a rundown of some of the most recent data breach reports –

Oregon Health & Science University Data Breach Compromises 3,000 Patients’ Records in the Cloud.

Modern Healthcare (subscription may be required) reports that the Oregon Health & Science University announced it is “notifying more than 3,000 of its patients of a breach of their personally identifiable information after their data were placed by OHSU resident physicians on a pair of Google’s cloud-based information-sharing services.” The data breach, which involves “patients’ names, medical record numbers, dates of service, ages, diagnoses and prognoses and their providers’ names” posted to Gmail or Google Drive, was discovered in May by an OHSU faculty member.  According to  Healthcare IT News, this is OHSU’s “fourth big HIPAA breach since 2009 and third big breach just in the past two years, according to data from the Department of Health and Human Services.”

Citigroup Reports Breach of Personal Data in Unredacted Court Filings; Settles with Justice Department

American Banker reports that Citigroup recently admitted having failed to safeguard the personal data (including birthdates and Social Security numbers) of approximately 146,000 customers who filed for bankruptcy between 2007 and 2011. Citi apparently failed to fully redact court records placed on the Public Access to Court Electronic Records (PACER) system. “The redaction issues primarily resluted from a limitation in the technology Citi had used to redact personally identifiable information in the filings,” Citi said in a statement. “As a result of this limitation in technology, personally identifiable information could be exposed and read if electronic versions of the court records were accessed and downloaded from the courts’ online docket system and if the person downloading the information had the technical knowledge and software to restore the redacted information.”

In a settlement with the Justice Department’s U.S. Trustee Program, Citi has agreed to redact the customer information, notify all affected debtors and third parties, and offer all those affected a year of free credit monitoring.

University of Delaware Reports Cyberattack – 72,000 Records Affected

The University of Delaware is notifying the campus community that it has experienced a cyberattack in which files were taken that included confidential personal information of more than 72,000 current and past employees, including student employees. The confidential personal information includes names, addresses, UD IDs (employee identification numbers) and Social Security numbers.

Stanford University Reports Hack – Investigating Scope

Stanford University has announced that its information technology infrastructure has been breached, “similar to incidents reported in recent months by a range of companies and large organizations in the United States,” according to a Stanford press release. Though the school does not yet “know the scope of the intrusion,” an investigation is underway. “We are not aware of any protected health information, personal financial information or Social Security numbers being compromised, and Stanford does not conduct classified research.”

Japan’s Railway Company Apologizes for Unauthorized “Sharing”

The Wall Street Journal reported yesterday (registration may be required) that Japan’s national railway system has apologized for sharing its passengers’ travel habits and other personal information with a pre-paid fare card system without user consent, The Wall Street Journal reports. East Japan Railway admitted to selling the data to Suica—one of the pre-paid card businesses. The data included card holders’ ID numbers, ages, genders and where and when passengers got on and off the train. A transportation ministry official, however, said they will not investigate the issue for privacy violations because the railway company “told us that it wasn’t personal information, as it didn’t include names and addresses of users.” The Ministry of Internal Affairs and Communications is looking into the issue and has set up a team to research the matter, the report states.

Article By:

 of

In Largest Known Data Breach Conspiracy, Five Suspects Indicted in New Jersey

DrinkerBiddle

On July 25, 2013, the United States Attorney for the District of New Jersey announced indictments against five men alleging their participation in a global hacking and data breach scheme in which more than 160 million American and foreign credit card numbers were stolen from corporate victims, including retailers, financial institutions, payment processing firms, an airline, and NASDAQ.  The scheme is the largest of its kind ever prosecuted in the United States.

The Second Superseding Indictment alleges the defendants (four Russian nationals and one Ukrainian national) and other uncharged co-conspirators targeted corporate victims’ networks using “SQL [Structured Query Language] Injection Attacks,” meaning the hackers identified vulnerabilities in their victims’ databases and exploited those weaknesses to penetrate the networks.  Once the defendants had access to the networks, they used malware to create “back doors” to allow them continued access, and used their access to install “sniffers,” programs designed to identify, gather and steal data.

Once the defendants obtained the credit card information, they allegedly sold it to resellers all over the world, who in turn sold the information through online forums or directly to individuals and organizations.  The ultimate purchasers encoded the stolen information on blank cards and used those cards to make purchases or withdraw cash from ATMs.

The defendants allegedly used a number of methods to evade detection.  They used web-hosting services provided by one of the defendants, who unlike traditional internet service providers, did not keep records of users’ activities or share information with law enforcement.  The defendants also communicated through private and encrypted communication channels and tried to meet in person.  They also changed the settings on the victims’ networks in order to disable security mechanisms and used malware to circumvent security software.

Four of the defendants are charged with unauthorized access to computers (18 U.S.C. §§ 1030(a)(2)(C) and (c)(2)(B)(i)) and wire fraud (18 U.S.C. § 1343).  All of the defendants are charged with conspiracy to commit these crimes.

Two of the defendants have been arrested, with one in federal custody and the other awaiting an extradition hearing.  The other three defendants, two of whom have been charged in connection with hacking schemes, remain at large.

This conspiracy is noteworthy for its massive scale, and for the patience the hackers demonstrated in siphoning data from the networks.  The U.S. Attorney “conservatively” estimates more than 160 million credit card numbers were compromised in the attacks, and alleges that the hackers had access to many victims’ computer networks for more than a year.  Many prominent retailers were targets, including convenience store giant 7-Eleven, Inc.; multi-national French retailer Carrefour, S.A.; American department store chain JCPenney, Inc.; New England supermarket chain Hannaford Brothers Co.; and apparel retailer Wet Seal, Inc.  Payment processors were also heavily targeted, including one of the world’s largest credit card processing companies, Heartland Payment Systems, Inc., as well as European payment processor Commidea Ltd.; Euronet, Global Payment Systems and Ingenicard US, Inc. The hackers also targeted financial institutions such as Dexia Bank of Belgium, “Bank A” of the United Arab Emirates; the NASDAQ electronic securities exchange; and JetBlue Airways.  Damages are difficult to estimate with precision, but they total several hundred million dollars at least.  Just three of the corporate victims suffered losses totaling more than $300 million.

Article By:

of

Best Practices in Business to Business (B2B) Content Marketing [INFOGRAPHIC]

The Rainmaker Institute mini logo (1)

Content provider ContentCrossroads.com recently developed an infographic about best practices for B2B marketers, including the most popular, most profitable and easiest content to develop for B2B marketers looking to gain the attention of prospects:

legal marketing social media internet law firm management

 

Using Google Alerts to Get Topical News Quickly and Improve Your Content

Correct Consults Logo

Time is of the essence when taking someone from prospect to client.

Obtaining quick notice about local accidents and injuries and/or defective products can provide a competitive advantage.

When an accident has just occurred and a victim is deciding whether or not to hire an attorney, you want to be easy to find. If you are aware of accidents or defective products and pharmaceuticals early, you may have the opportunity to get the inside track on a case.

google, exclamation, marketing

Posting alerts and information on your website, blog and Social Media may help your firm be more easily found and give you increased opportunities to get cases.

One tool to identify possible newsworthy topics to post on your site and Social Media platforms is Google Alerts. Every time something new is indexed by Google on your chosen topic, you will receive an e-mail. You can also set Google Alerts to email you a daily or weekly digest that includes either only the best topical matches or everything associated with your selected topic.

There are multiple ways to utilize Google Alerts. You can sign up for your target city/town names, state, etc. for local news. For practice area-targeted news, you can sign up to be alerted for variations of car accidents (and injuries), truck accidents (and injuries, major highways, etc.), train accidents (as well as major train names), hospitals (and hospital injuries, negligence) and drug or product names you wish to target, for example. There are endless possibilities; your usage will depend on what works best for your law firm and schedule. You can even sign up for Alerts on competitors’ names to follow what they are doing. You should set Alerts for your firm and attorneys. Doing this will help you manage your firm’s reputation by alerting you to good and bad news and give you time to respond appropriately.

To develop a list for your Google Alerts entries, ask your attorneys (or have a trusted attorney decide) which topics and locations each person will follow for news or blog information, then sign up for Google Alerts on those topics at http://www.google.com/alerts. When you spread keywords among different people, the time investment is less significant, especially if you schedule a fifteen-minute block each day to read through your alerts.

Article By:

 of

Reporters Committee and Media Companies Back Google, Microsoft in Foreign Intelligence Surveillance Court (FISA)

ArmstrongTeasdale logo

In a historic move for The Reporters Committee for Freedom of the Press (RCFP), the organization has filed an amicus brief with the secretive Foreign Intelligence Surveillance Court (FISA) to support the free-speech rights of Google and Microsoft. The July 15, 2013 action marks the first time RCFP has both filed with the FISA Court and backed the First Amendment interests of Internet companies.

The RCFP has provided free legal advice, resources, support, and advocacy to journalists for more than 40 years.  It is joined in the brief by the following media companies: The Associated Press, Bloomberg L.P., Dow Jones & Company, Inc., Gannett Co., Inc., Los Angeles Times, The McClatchy Company, National Public Radio, Inc., The New York Times Company, The New Yorker; The Newsweek/Daily Beast Company LLC, Reuters America LLC, Tribune Company, and the Washington Post.

In June, both Microsoft and Google filed petitions with the FISA Court seeking permission to publish data on national security requests they received and which had been authorized by the court. The same month the American Civil Liberties Union (ACLU) and the Media Freedom and Information Access Clinic at Yale Law School filed a brief with the FISA Court requesting that it publish its opinions on the meaning, scope, and constitutionality of Section 215 of the Patriot Act.

That section authorizes the government to obtain “any tangible thing” relevant to foreign-intelligence or terrorism investigations.  It was the legal basis for an April FISA Court order requiring Verizon to turn over “on an ongoing daily basis” to the National Security Agency all call logs “between the United States and abroad” or “wholly within the United States, including local telephone calls.” The order was revealed by U.K.-based newspaper The Guardian in early June.

The amicus filing by RCFP and the coalition of news-media organizations supports the ACLU arguments that the court should release decisions that interpret the FISA laws and create binding precedent. However, the RCFP  brief emphasizes a related point: that the public has a First Amendment right to know both about the secretive court’s core activities and receive information from Google and Microsoft. The brief describes the two companies as “speakers” with significant free-speech interests who want to provide the public with information about the government surveillance programs in which they have been required to participate.

“In addition to implicating their rights as speakers, the Google and Microsoft cases raise important concerns relating to the interests of the public in receiving information, an interest that the Supreme Court has long recognized as a separate component of the speech and press freedoms under the First Amendment,” the brief argues. “Where the communications providers are willing speakers, the public has a heightened interest in hearing their speech. That interest is heightened even more when the government is itself choosing to provide information to the public regarding issues central to the Google and Microsoft cases.”

The information Google and Microsoft want to share with the public is not prohibited by law, the media coalition states, and this information “will better explain the nature of their participation in these (government-surveillance) programs and correct popular misconceptions about the operation of key antiterrorism initiatives undertaken by the government.”

The brief continues that the issues raised in the petitions are vitally important to both national security and civil liberties: “They inevitably and rightfully are going to be the subject of public reporting and debate, and secrecy is preventing the public and the press from having even the rudimentary information needed for the kind of informed discussion that the country deserves.”

 of

Survey Says: Fortune 500 Disclosing Cyber Risks

Mintz Logo

Ever since our 2013 prediction, an ever increasing number of public companies are adding disclosure related to cybersecurity and data breach risks to their public filings.  We previously analyzed how the nation’s largest banks have begun disclosing their cybersecurity risks.   Now, it appears that the rest of the Fortune 500 companies are catching on and including some level of disclosure of their cyber risks in response to the 2011 SEC Guidance.

The recently published Willis Fortune 500 Cyber Disclosure Report, 2013 (the “Report”), analyzes cybersecurity disclosure by Fortune 500 public companies.  The Report found that as of April 2013, 85% of Fortune 500 companies are following the SEC guidance and are providing some level of disclosure regarding cyber exposures.  Interestingly though, only 36% of Fortune 500 companies disclosed that such risk was “material”, “serious” or used a similar term, and only 2% of the companies used a stronger term, such as “critical”.

Following the SEC’s recommendation in its guidance, 95% of the disclosing companies mentionedspecific cyber risks that they face.  The top three cyber risks identified by those companies that disclosed cyber risks were:

1)      Loss or theft of confidential information (65%).

2)      Loss of reputation (50%).

3)      Direct loss from malicious acts (hackers, viruses, etc.) (48%).

Surprisingly, 15% of Fortune 500 companies indicated that they did not have the resources to protect themselves against critical attacks and only 52% refer to technical solutions that they have in place to defend against cyber risks.

The Report notes that despite the large number of Fortune 500 companies that acknowledge cyber risks in their disclosure, only 6% mentioned that they purchase insurance to cover cyber risks.  This number runs contrary to a survey published by the Chubb Group of Insurance Companies in which Chubb indicates that about 36% of public companies purchase cyber risk insurance.  For whatever reason, it appears that many of the Fortune 500 companies are simply not disclosing that they purchase cyber risk insurance as a means of protecting against cyber risk.

Almost two years after its issuance, the Report findings indicate that the 2011 SEC Guidance is in full swing and making its way into reality.  As more large companies disclose cyber risks in their public filings, this will continue to trickle down to the smaller companies that rely on those filings for precedent and guidance.  The Report provides a clear snapshot of where things stand in cyber risk disclosure by Fortune 500 public companies.  The scope of the Report is expected to expand to include Fortune 1000 companies, and it will be interesting to see how this data changes, if at all, when comprised of a larger pool of public companies.

Stay tuned!

Article By:

 of

Starting an Online Business: Licensing Requirements

Odin-Feldman-Pittleman-logo

Individuals interested in starting an online business are often confused or uninformed as to the licensing requirements for such businesses.  In many ways, an online business is like any “brick and mortar” store and the owner will probably be required to obtain certain licenses or permits to operate.

Federal Requirements

Business Licenses.  Most businesses do not require a federal business license or permit.  However, a business engaged in one of the following activities should contact the responsible federal agency to determine the requirements for doing business:  Investment Advising, Drug Manufacturing, Preparation of Meat Products, Broadcasting, Ground Transportation, Selling Alcohol, Tobacco, or Firearms.

Tax Identification Number.  A federal tax identification number, also known as an Employer Identification Number (EIN), is a federal identification number issued by the Internal Revenue Service to identify a business entity.  Nearly all businesses are required to have a tax identification number.

If a business is operated as a sole proprietorship, the owner may use his or her social security number in place of an EIN on all governmental forms and other official documents.  However, most small business advisors recommend using a federal tax identification number instead.

To obtain a federal tax identification number, a business owner should contact the nearest Local IRS Field Office or call the IRS Business and Specialty Tax Hotline at 800-829-4933.  The necessary form, IRS Form SS-4, can be downloaded directly from the Small Business Administration website.

State Requirements

Many states and local jurisdictions require a person to obtain a business license or permit before beginning business operations.  A business that operates without the required license or permit may be subjected to fines or may be barred from further business activity.  In some localities, a business operating out of a residence may require an additional permit.

While business licensing requirements vary from state-to-state, the most common types include:

·    Basic Business Operation License – a legal document issued by a local governmental authority that authorizes a person to conduct business within the boundaries of the municipality.  Many states have established small business assistance agencies to help small businesses comply with state requirements;

  • Fictitious Name Certificate – a document, usually filed with a state agency, which is required to operate a business using an assumed name or trade name (essentially, any name other than the full, formal name of the individual or company);
  • Home Occupation Permit – a permit which may be required to conduct business from a residence;
  • Tax Registration – if the state has a state income tax, a business owner must usually register and obtain an employer identification number from the state Department of Revenue or Treasury Department.  If the business engages in retail sales, the owner must usually obtain a sales tax license;
  • Special State-Issued Business Licenses or Permits – these permits may be required for a business that sell highly-regulated products like firearms, gasoline, liquor, or lottery tickets;
  • Zoning and Land Use Permits – may be required to develop a site or property for specific purposes
  • Employer Registrations – if the business has employees, the owner must usually make unemployment insurance contributions;

Additional state licenses may be required for regulated occupations such as building contractors, physicians, appraisers, accountants, barbers, real estate agents, auctioneers, private investigators, private security guards, funeral directors, bill collectors, and cosmetologists.

Article By:

 of

Federal Trade Commission (FTC) Settles with HTC America Over Charges it Failed to Secure Smartphone Software

RaymondBannerMED

Smartphone manufacturer HTC agreed in February to settle Federal Trade Commission (FTC) charges that the company failed to take reasonable steps to secure software it developed for its mobile devices including smartphones and tablet computers. In its complaint, the FTC charged HTC with violations of the Federal Trade Commission Act.  On July 2 the FTC approved a final order settling these charges.

trade FTC smartphone HTC

The FTC alleged HTC failed to employ reasonable security measures in its software which led to the potential exposure of consumer’s sensitive information. Specifically, the FTC alleged HTC failed to implement adequate privacy and security guidance or training for engineering staff, failed to follow well-known and commonly accepted secure programming practices which would have ensured that applications only had access to users’ information with their consent. Further, the FTC alleged the security flaws exposed consumers to malware which could steal their personal information stored on the device, the user’s geolocation information and the contents of the user’s text messages.

HTC is a manufacturer of smartphones but it also installs its own proprietary software on each device. It is this software that the FTC targeted. While HTC smartphones run Google’s Android operating system, the HTC software allegedly introduced significant vulnerabilities which circumvented some of Android’s security measures.

As part of the settlement consent order, HTC agreed to issue security patches to eliminate the vulnerabilities. HTC also agreed to establish a comprehensive security program to address the security risks identified by the FTC and to protect the security and confidentiality of consumer information stored on or transmitted through a HTC device. HTC further agreed to hire a third party to evaluate its data and privacy security program and to issue reports every two years for the consent order’s 20 year term. The implication of the FTC’s policy makes it clear that companies must affirmatively address both privacy and data security issues in their custom applications and software for consumer use.